Setup - Configure SSO for Any Provider

This article describes how to configure Single Sign-On (SSO) for the SurePath AI platform using your organization's Identity Provider (IdP).

Updated over 2 months ago

Configure SSO for Any Provider

Supported Identity Providers

SurePath AI supports both OpenID Connect (OIDC) and SAML 2.0. Most major identity providers support one or both of these protocols, including (but not limited to):

  • Microsoft Entra ID (formerly Azure AD)

  • Okta

  • Auth0

  • PingIdentity

  • OneLogin

  • WorkOS

  • Rippling

Authentication Protocols

SurePath AI supports both OIDC and SAML authentication protocols. While we recommend OIDC for its enhanced security features and simplified user experience, you may choose either protocol based on your organization's requirements.

Initial Configuration Steps

  • Click on Organization in the left menu column

  • Select the Identity tab

  • In the Identity Providers form, click + ADD PROVIDER

  • In the Provider Name field, enter a name for the IdP or SSO provider being added

  • In the Provider Type drop-down, select the type of provider you are adding:

    • OIDC

    • SAML

    • SAML - Metadata XML

    • SAML - Metadata URL

OIDC Configuration

Information SurePath AI Provides

  • Authorization Callback URL

    • Also known as Redirect URI, Reply URL, or Callback URL

    • This URL must be entered in your IdP's configuration

Information Required from Your IdP

  • Client ID

    • Also known as Application ID

  • Client Secret

    • Also known as Application Secret or API Key

  • Issuer URL

    • Also known as Authority URL, OpenID Provider URL, or Issuer Identifier

OIDC Configuration Steps

  • Enter the required information from your IdP into the corresponding fields

  • Click SAVE

  • Toggle the Enabled switch to the enabled position

  • Click SAVE again to activate the provider

SAML Configuration

Option 1: SAML

Information SurePath AI Provides

  • Service Provider Entity ID

    • Also known as Issuer URL, Metadata URL, Audience URL, or Provider ID

  • Authorization Callback URL

    • Also known as Assertion Consumer Service (ACS) URL, SAML Consumer URL, Service Provider (SP) Response URL, or simply the SAML Endpoint

    • These values must be entered in your IdP's configuration

Information Required from Your IdP

  • Entity ID

    • Also known as Issuer, IdP Entity ID, or Identifier

  • SSO URL

    • Also known as SAML Endpoint, Login URL, or IdP Sign-in URL

  • Provider Certificate

    • Also known as Identity Provider (IdP) certificate, SAML signing certificate, or encryption certificate

SAML Configuration Steps

  • Enter the required information from your IdP into the corresponding fields

  • Click SAVE

  • Toggle the Enabled switch to the enabled position

  • Click SAVE again to activate the provider

Option 2: SAML - Metadata XML

This option simplifies configuration by allowing you to upload the metadata XML file from your IdP.

SAML - Metadata XML Configuration Steps

  • Obtain the SAML metadata XML file from your IdP's administration console

  • Paste the entire XML content into the Metadata XML field

  • Click SAVE

  • Toggle the Enabled switch to the enabled position

  • Click SAVE again to activate the provider

Option 3: SAML - Metadata URL

This option allows SurePath AI to automatically fetch and process your IdP's metadata.

SAML - Metadata URL Configuration Steps

  • Obtain the metadata URL from your IdP (must be publicly accessible)

  • Enter the URL into the Metadata URL field

  • Click SAVE

  • Toggle the Enabled switch to the enabled position

  • Click SAVE again to activate the provider
